Commence – an OS Deployment Frontend

Posted by Flemming Christiansen

June 13, 2017

Commence is an OSD Frontend designed to support bare-metal OS installation, reinstallation and decommissioning of computers. It offers a secure frontend that lets administrators, super users or even end users install or reinstall computers using network boot (F12 boot).

How it works

Commence will be “attached” to a ConfigMgr OS Image and a very simple Task Sequence.

When performing a network boot (PXE), the Boot Image loads and starts Commence as the first step once Windows PE has started.

Commence then prompts for a username and password to gain access to the Cireson Deployment Service.

Commence uses the Deployment Service to communicate with CMP, so the person logging in to Commence must be granted access to use CMP and Commence.

Since CMP has its own Role Based Access Control (RBAC) model, in addition to optionally leveraging Configuration Manager's own RBAC, permissions granted in CMP and Configuration Manager will be reflected in Commence.

Bare metal/new installation

Once you are logged in, Commence determines whether the current computer already exists in Configuration Manager by looking up the computer's BIOS ID, also known as the BIOS GUID or UUID.

If the computer is unknown to Configuration Manager, Commence will set up for a new installation.

Basically, you enter a computer name and select among the collections that have a deployment of an OSD Task Sequence attached.

CMP OS Deployment Templates and Numbering Sequencing are supported here. This eases the process, as the computer name can be predefined with a prefix and the next free number in an attached Numbering Sequence.

Even the Task Sequence with the Operating System to apply can be fixed in advance for the OS Deployment Template and locked for the user logging on. This enables IT administrators to allow super users or even end users to install or reinstall computers.

Once all selections have been made, finish the wizard and Commence will create the computer in Configuration Manager and add it to the selected collection that has an OSD Task Sequence deployment.

Commence will now exit, and the selected OSD Task Sequence will carry on the installation process.

Reinstallation

Commence automatically determines whether the computer already exists in Configuration Manager and, if it does, enters reinstall mode.

This will reuse the computer already in Configuration Manager and load the computer name.

This is done by checking whether the computer's BIOS GUID and/or MAC Address already exists in Configuration Manager.

Depending on the user’s permissions and setup, the user will be able to change the Operating System, primary user and MDT Roles.

MDT integration

As CMP can integrate with Microsoft Deployment Toolkit (MDT), you can select, directly from Commence, which MDT roles to process and which Organizational Unit (OU) the computer should be placed into during the OS Deployment process.

Using OS Deployment Templates, the default selected roles can be predefined.

MDT Roles and OUs also use the built-in RBAC of CMP, so you can define which MDT roles and OUs a user group can access.

Decommission

A very useful feature of Commence is Decommissioning.

If the computer is about to be taken out of production, added to stock or perhaps given away to charity, you would want to remove the computer from Configuration Manager, MDT and Active Directory, and format the disks, maybe even extensively by zeroing out the hard disks.

This can be done using Commence, probably the easiest way to do that – avoiding USB boot and other quirky solutions.

Unknown computer support

A challenge is that a new computer must be known to Configuration Manager before it can be installed, unless “Unknown System Support” is enabled in Configuration Manager.

In CMP, there is a feature called “Pre-register computer”.

This simple form lets a user pre-register a computer knowing only its MAC Address or BIOS GUID.

It will create the computer in Configuration Manager, but with a prefix and a name containing the entered MAC Address or BIOS GUID.

Once done, you can PXE boot the new computer because it is now a known computer in Configuration Manager.

When Commence starts, it will recognize the computer by the temporary computer object created in CMP, delete that computer object and create a new computer with the correct name.

Secure

Commence is secure due to the logon requirement and access control of CMP.

Even if an unauthorized user can F12 boot a computer, the user will not be able to continue into an OS installation, not even by cancelling the Commence login process.

The reason is that the Task Sequence used to start Commence doesn’t contain any steps capable of installing or modifying the computer.

Remember selecting an OSD Task Sequence from Commence? That will replace the Commence Task Sequence and install an Operating System.

When using Commence, you do not need to expose your OSD Task Sequences to collections like “All unknown computers”. You only add the Commence Task Sequence to that collection and let Commence control which collection the computer is added to.

This allows much easier control over multiple OSD Task Sequences with various Operating System Images attached as well as being able to control package and application installations using MDT Roles.
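To check that the deployment scoping described above actually holds on a site, the following added example (not part of the original post or of Cireson's product) flags any task sequence deployed to a broad collection other than the expected Commence one. The function name, the task sequence name `Commence`, and the sample rows are assumptions; the rows are constructed to mirror the `CollectionName`, `SoftwareName`, `FeatureType` and `DeploymentID` properties returned by the ConfigurationManager module's `Get-CMDeployment`.

```powershell
# Added example: report task sequences exposed to broad collections.
function Find-UnexpectedTaskSequenceDeployment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $Deployment,
        # Collections any PXE-booting machine can land in.
        [string[]] $BroadCollection = @('All Unknown Computers'),
        # Task sequences permitted there (assumed name, adjust to your site).
        [string[]] $AllowedTaskSequence = @('Commence')
    )
    process {
        foreach ($d in $Deployment) {
            # FeatureType 7 = task sequence in SMS_DeploymentSummary.
            if ($d.FeatureType -ne 7) { continue }
            # Deployments to scoped OSD collections are the intended design.
            if ($BroadCollection -notcontains $d.CollectionName) { continue }
            if ($AllowedTaskSequence -contains $d.SoftwareName) { continue }
            [pscustomobject]@{
                Collection   = $d.CollectionName
                TaskSequence = $d.SoftwareName
                DeploymentID = $d.DeploymentID
            }
        }
    }
}

# Constructed sample rows (placeholder IDs). On a site server, replace with:
#   Get-CMDeployment | Find-UnexpectedTaskSequenceDeployment
$sample = @(
    [pscustomobject]@{ CollectionName = 'All Unknown Computers'; FeatureType = 7
                       SoftwareName = 'Commence'; DeploymentID = 'XXX20001' }
    [pscustomobject]@{ CollectionName = 'All Unknown Computers'; FeatureType = 7
                       SoftwareName = 'Windows 10 Bare Metal'; DeploymentID = 'XXX20002' }
    [pscustomobject]@{ CollectionName = 'OSD - Windows 10'; FeatureType = 7
                       SoftwareName = 'Windows 10 Bare Metal'; DeploymentID = 'XXX20003' }
    [pscustomobject]@{ CollectionName = 'All Unknown Computers'; FeatureType = 2
                       SoftwareName = 'Driver Tools'; DeploymentID = 'XXX20004' }
)

# Only the second row is reported: an installing task sequence that any
# unknown machine could reach without going through the Commence logon.
$sample | Find-UnexpectedTaskSequenceDeployment
```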